26 Identity Theft Red Flags

The Red Flags Rule regulation specifically calls out 26 identity theft red flags that companies should consider as part of their identity theft prevention and training programs. These identity theft red flags are not only important to consider from a compliance standpoint, but also establish a baseline for starting risk assessments and risk management. Companies should consider these 26 identity theft red flags in their risk assessment process and incorporate the ones that apply to their business in their identity theft prevention program and employee identity theft prevention training. The Red Flags Rule classifies these 26 red flags by the following 5 categories:

  • consumer reports, 
  • identification documents and information, 
  • address discrepancy notices, 
  • suspicious address changes, and 
  • warning notices received from customers and other sources.

List of 26 Identity Theft Red Flags

  1. Consumer report fraud alerts must be considered as a possible identity theft red flag.
  2. Notice of a credit freeze in response to a request for a consumer report is a red flag because a consumer who placed a credit freeze is less likely to apply for credit.
  3. Unusual credit activity, such as an increased number of new accounts, spending or inquiries appear in the credit reports.
  4. Documents provided for identification by the customer appear altered or forged.
  5. Photograph on ID is inconsistent with the appearance of the customer present.
  6. Information on ID card is inconsistent with information provided by the person opening account. For example, the address may not be the same.
  7. Information on ID card, such as signature is inconsistent with information on file in the organization.
  8. Application appears forged, altered and reassembled.
  9. Personal information is inconsistent. For example,  information on the ID does not match any address in the consumer report, or, Social Security number has not been issued, or appears on the Social Security Administration's Death Master File.
  10. Lack of correlation between Social Security number range and date of birth exists.
  11. Personal identifying information associated with known fraud activity exists.
  12. Suspicious information and addresses is supplied, such as a mail drop, prison, or phone numbers associated with pagers or answering service.
  13. Social Security number provided matches identical numbers submitted by another person opening an account or other customers.
  14. An address or phone number matches those supplied by other applicants.
  15. The person opening the account is unable to supply identifying information in response to notification that the application is incomplete.
  16. Personal information is inconsistent with information already on file at financial institution or creditor.
  17. An existing customer is unable to correctly answer challenge questions.
  18. Shortly after change of address, creditor receives a request for additional users for the account.
  19. A consumer reporting agency provides a notice of address discrepancy.
  20.  Most of available credit is used for cash advances, jewelry or electronics, and customer fails to make first payment.
  21. Drastic change in payment patterns, use of available credit or spending patterns exists.
  22. An account that has been inactive for a long time suddenly becomes unusually active.
  23. Mail sent to customer repeatedly is returned as undeliverable despite ongoing transactions on the account.
  24. Financial institution or creditor is notified that customer is not receiving paper account statements.
  25. Financial institution or creditor s notified of unauthorized charges or transactions on customer's account.
  26. Financial institution or creditor is notified that it has opened a fraudulent account for a person engaged in identity theft.

Learn about the Red Flags Rule training offered by Identity Management Institute.